Make dependabot update github actions

krysal commented 1 year ago

Problem

Some GH action dependencies are behind the latest updates:

actions/setup-python in CI + CD / Lint job
docker/setup-buildx-action in CI + CD / Build images (ingestion_server) job
etc.

Description

Let's have dependabot keep them up to date. The catalog is already configured to do this:

https://github.com/WordPress/openverse-catalog/blob/5933f712d2d017eb1d952c68fffc6f1606d58eb1/.github/dependabot.yml#L25-L33

Whoever takes this can very well copy those lines, and it should work.

Alternatives

Maybe using Renovate, but dependabot is already serving us well. I don't see the need to change it.

Additional context

Configuration options for the dependabot.yml file
See an example of warnings thrown by old GH actions in https://github.com/WordPress/openverse-api/actions/runs/3696820240

zmwaris1 commented 1 year ago

Hi @krysal I would like to work on this issue as my first PR. Will you please assign this to me?

dhruvkb commented 1 year ago

@zmwaris1 sure, go ahead!

zmwaris1 commented 1 year ago

Thanks @dhruvkb .

zmwaris1 commented 1 year ago

Hi, I need an assistance. After copying lines from dependabot.yml file do I put it under each subcategory of jobs in ci_cd.yml file or make a new flow same as in dependabot.yml file.

dhruvkb commented 1 year ago

@zmwaris1 the changes should go in dependabot.yml. It will not be a job inside ci_cd.yml.

zmwaris1 commented 1 year ago

@dhruvkb okay, thank you.

WordPress / openverse-api